FTC Takes action against Drizly and CEO following security breaches

89 points | thrownaway996 | 3 years ago | ftc.gov

20 comments

[+] ferrocarraiges|3 years ago|reply
I am genuinely curious: why did the FTC take this enforcement action?

There is no fine, no prosecution, no consequences of any sort. Essentially, they're just asking the executive to "implement an information security program" at any companies they head.

This seems to send the message that there are absolutely no consequences for getting caught hiding an extremely negligent data breach. Was that the FTC's intent?

[+] kingkilr|3 years ago|reply
Since last year's AMG case in the Supreme Court, the FTC is not authorized to seek monetary relief in these cases.

The FTC can seek monetary relief if this order is violated.

[+] jnorthrop|3 years ago|reply
There is this condition

> Recognizing that reality, the Commission’s proposed order will follow Rellas even if he leaves Drizly. Specifically, Rellas will be required to implement an information security program at future companies if he moves to a business collecting consumer information

I'm not aware of any other decree following the CEO to other companies.

[+] adrr|3 years ago|reply
FTC isn't the DOJ. They can't prosecute anything.
[+] neogodless|3 years ago|reply
> Drizly and Rellas were alerted to security problems two years prior to the breach yet failed to take steps to protect consumers’ data from hackers.

That seems less than ideal.

[+] lancesells|3 years ago|reply
Is there any sort of browser extension that shows number of known security breaches when you visit a website? Would be interesting.
[+] hayst4ck|3 years ago|reply
How would you propose tallying up the number of security breaches?

You would need a way to collect breaches by company, and then a way to tie companies to their URLs. Additionally, is SolarWinds a Microsoft breach?

If there were a repository of known security breaches, I think the rest could be done manually or fairly easily for a specific list of websites.

[+] kwerk|3 years ago|reply
I’d be interested in this
[+] raunak|3 years ago|reply
Honestly, somebody should take action against Drizly for how easy they make buying alcohol underage if anything (not that I care).
[+] fragmede|3 years ago|reply
How does Drizly change that? I've had to show ID to prove age for the few Drizly orders I've made (even if there wasn't alcohol in the delivery). If the teenager already has a fake ID, how does Drizly move the meter on how easy it is to get alcohol?
[+] monksy|3 years ago|reply
Wait you mean.. the company who photographed your id is in the wrong? Who could have guessed they'd be this crap at info security.
[+] Karunamon|3 years ago|reply
I did not know that Drizly was an Uber subsidiary. I wonder how much of the "disregard for authority" DNA of Uber got on them?
[+] s3r3nity|3 years ago|reply
Drizly was a separate startup that was bought by Uber in 2021
[+] unstatusthequo|3 years ago|reply
Based on this it seems the leaves don’t fall too far from the tree
[+] monksy|3 years ago|reply
They were data hungry before the Uber acquisition.